E:\C++\Safe\Rhino\Safe\Install\RCSetup\Bin\Win32\release_static\pdb\RCWidgetPlugin.pdb
Static task: static1
Behavioral task: behavioral1
Sample: e3c6c672d762173c34668bde632319c67cd4d41c11c02715abfbe71bcca65253.dll
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: e3c6c672d762173c34668bde632319c67cd4d41c11c02715abfbe71bcca65253.dll
Resource: win10v2004-20231215-en
General
Target: e3c6c672d762173c34668bde632319c67cd4d41c11c02715abfbe71bcca65253
Size: 2.9MB
MD5: 9beab8f9d972d9c4a0aa3a5a4453040a
SHA1: a2cd975a637e4a06506d4a222219beba4a6f08c6
SHA256: e3c6c672d762173c34668bde632319c67cd4d41c11c02715abfbe71bcca65253
SHA512: f494a3bc4587eb7efb6a3d2aed0fe9f9a8b67dc8a14b944004f17a3c4077ebd4fc501a2af74f45bc15ed86574374763b776d05980685148b40ce66b41a25f1cd
SSDEEP: 49152:qNEazLA7o71WdUNgQP2xS4/uwSjPuA0DKTsFHPd:qNEazsX+e/J5S7uAOB
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: e3c6c672d762173c34668bde632319c67cd4d41c11c02715abfbe71bcca65253
Files
e3c6c672d762173c34668bde632319c67cd4d41c11c02715abfbe71bcca65253.dll  windows:5 windows x86 arch:x86
351d13873dabfe8b70b02e85f4cd6d90
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
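The Headers block above and the "Unsigned PE" signature both come straight out of the PE optional header: the DLL Characteristics word carries the DYNAMIC_BASE (ASLR) and NX_COMPAT (DEP) opt-ins, and an empty IMAGE_DIRECTORY_ENTRY_SECURITY entry is what "missing Authenticode signature" means at the byte level. The following is an added Python example, not code from the report or from the sandbox that produced it, that parses those fields with only the standard library and reproduces the flag names listed here. The `build_sample_pe` helper constructs a header-only PE32 DLL in memory so the parser can run offline; it is not the sample above and its `.text`/`.rdata`/`.data`/`.reloc` flags are chosen to match the Sections block. One caveat a practitioner should keep in mind: a non-zero security directory only proves a WIN_CERTIFICATE blob is attached, not that it chains to a trusted root; use `Get-AuthenticodeSignature` or `signtool verify` for the actual check.

```python
import json
import struct

# Flag names as they appear in the report; each table is a subset of the full PE flag set.
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",  # ASLR opt-in
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",     # DEP opt-in
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: points at the WIN_CERTIFICATE blob, if any


def _flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Parse PE32 headers from raw bytes and return the facts a triage report lists."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    machine, nsect, _, _, _, opt_size, fchars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24                                          # optional header follows the 20-byte COFF header
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images handled here")
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    cert_off = cert_size = 0
    if ndirs > SECURITY_DIR:
        # Unlike the other directories, this "VirtualAddress" is a raw file offset.
        cert_off, cert_size = struct.unpack_from("<II", data, opt + 96 + 8 * SECURITY_DIR)
    sections = []
    sh = opt + opt_size                                        # first IMAGE_SECTION_HEADER
    for i in range(nsect):
        name, vsize, _, rawsize = struct.unpack_from("<8sIII", data, sh + 40 * i)
        flags = struct.unpack_from("<I", data, sh + 40 * i + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "flags": _flag_names(flags, SECTION_FLAGS)})
    findings = []
    if cert_off == 0 and cert_size == 0:
        findings.append("Unsigned PE: no Authenticode security directory")
    if not dllchars & 0x0040:
        findings.append("ASLR not opted in: DYNAMIC_BASE clear")
    if not dllchars & 0x0100:
        findings.append("DEP not opted in: NX_COMPAT clear")
    for s in sections:
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= set(s["flags"]):
            findings.append(f"section {s['name']} is writable and executable")
    return {"machine": machine,
            "file_characteristics": _flag_names(fchars, FILE_CHARACTERISTICS),
            "dll_characteristics": _flag_names(dllchars, DLL_CHARACTERISTICS),
            "authenticode_present": cert_size != 0,
            "sections": sections, "findings": findings}


def build_sample_pe(dll_characteristics=0x0140, signed=False, sections=None):
    """Constructed header-only PE32 DLL for testing; NOT the sample from the report."""
    if sections is None:
        sections = [(b".text", 0x60000020), (b".rdata", 0x40000040),
                    (b".data", 0xC0000040), (b".reloc", 0x42000040)]
    pe_off = 0x80
    dos = bytearray(b"MZ" + b"\0" * (pe_off - 2))
    struct.pack_into("<I", dos, 0x3C, pe_off)                  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x2102)  # i386, DLL
    opt = bytearray(224)                                       # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<I", opt, 28, 0x10000000)                # ImageBase
    struct.pack_into("<H", opt, 68, 2)                         # Subsystem: WINDOWS_GUI
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 92, 16)                        # NumberOfRvaAndSizes
    if signed:  # hypothetical certificate blob location; nothing is actually verified
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, 0x4000, 0x800)
    hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", n.ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1),
                    0x1000, 0x400 * (i + 1), 0, 0, 0, 0, f)
        for i, (n, f) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs


if __name__ == "__main__":
    print(json.dumps(parse_pe(build_sample_pe()), indent=2))
```

Run `parse_pe(open(path, "rb").read())` on a real 32-bit DLL to compare against the report; the W+X section check is not something this sample triggers, but it is the flag combination worth alarming on when triaging an unknown PE, since packed or self-modifying code needs it.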
PDB Paths
Imports
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
ws2_32
getsockopt
listen
recv
recvfrom
send
sendto
setsockopt
shutdown
socket
connect
WSAGetLastError
closesocket
getsockname
freeaddrinfo
getaddrinfo
ntohl
inet_addr
ntohs
htons
WSACleanup
WSAStartup
getpeername
bind
ioctlsocket
select
accept
kernel32
GlobalAlloc
GlobalFree
WideCharToMultiByte
lstrcpyW
GetVersionExW
FindFirstFileW
lstrlenW
FindClose
GetFileAttributesW
lstrcatW
WriteFile
SetFilePointer
GetLocalTime
GetUserDefaultLangID
QueryDosDeviceW
GetEnvironmentVariableW
GetLogicalDriveStringsW
VirtualQuery
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
TryEnterCriticalSection
InterlockedExchange
GetSystemTimeAsFileTime
OpenProcess
GetCurrentProcess
TerminateProcess
GetStdHandle
DuplicateHandle
CreateProcessW
GetStartupInfoW
SetEvent
CreateEventW
GetLongPathNameW
ExpandEnvironmentStringsW
GetCurrentDirectoryW
ResetEvent
ReleaseMutex
WaitForMultipleObjects
CreateMutexW
LocalFree
FormatMessageW
SetEndOfFile
SetFileTime
CreateDirectoryW
SetFileAttributesW
GetFileAttributesExW
DeleteFileW
MoveFileExW
GetSystemInfo
SetEnvironmentVariableA
FindNextFileW
FreeLibrary
GetProcAddress
LoadLibraryExW
SearchPathW
ResumeThread
GetModuleHandleW
LockResource
LoadResource
FindResourceW
lstrcmpiW
InitializeCriticalSection
GetACP
LoadLibraryW
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
GetFileSize
GetFileTime
IsValidCodePage
GetWindowsDirectoryW
ReadFile
MoveFileW
InterlockedExchangeAdd
HeapFree
MultiByteToWideChar
GetProcessHeap
GetTickCount
LoadLibraryA
DeviceIoControl
GetFileSizeEx
SetLastError
GlobalMemoryStatusEx
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetExitCodeThread
QueryPerformanceCounter
QueryPerformanceFrequency
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
lstrcmpW
MulDiv
SizeofResource
SetWaitableTimer
CreateWaitableTimerW
LocalAlloc
FreeResource
GlobalLock
GlobalUnlock
UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx
GetModuleHandleA
DisableThreadLibraryCalls
CreateThread
VirtualProtect
GetModuleHandleExW
OutputDebugStringA
HeapCreate
HeapDestroy
FlushInstructionCache
IsDebuggerPresent
OutputDebugStringW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
GetOEMCP
GetFullPathNameA
UnlockFileEx
HeapValidate
HeapSize
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
CreateFileA
DeleteFileA
HeapReAlloc
HeapCompact
UnlockFile
CreateFileMappingA
LockFileEx
FormatMessageA
MapViewOfFile
FlushFileBuffers
GetFileType
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
lstrcpynW
GetCurrentThreadId
WaitForSingleObject
GetTempPathW
CloseHandle
CreateFileW
SetErrorMode
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetCommandLineA
GetEnvironmentStringsW
GetModuleFileNameW
GetCurrentProcessId
Sleep
GetDiskFreeSpaceW
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
HeapAlloc
GetCommandLineW
RtlUnwind
ExitThread
ExitProcess
GetModuleFileNameA
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
FindFirstFileExA
GetTempFileNameW
FindNextFileA
SetStdHandle
WriteConsoleW
LockFile
InterlockedCompareExchange
AreFileApisANSI
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFullPathNameW
SetThreadContext
GetThreadContext
FreeLibraryAndExitThread
ReleaseSemaphore
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
Thread32Next
Thread32First
SuspendThread
CreateToolhelp32Snapshot
OpenThread
user32
MonitorFromWindow
IsWindowVisible
GetDC
ShowWindowAsync
AdjustWindowRectEx
GetWindowTextLengthW
DialogBoxParamW
UnionRect
GetClassLongW
PostQuitMessage
SetRect
UpdateLayeredWindow
FillRect
MsgWaitForMultipleObjects
SetRectEmpty
AttachThreadInput
SetCaretPos
LoadImageW
LoadBitmapW
GetDesktopWindow
SetForegroundWindow
ToAscii
GetCaretBlinkTime
GetKeyboardState
GetSystemMetrics
DrawIconEx
GetIconInfo
GetSysColor
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
SetClipboardData
EmptyClipboard
GetAncestor
RegisterWindowMessageW
EnumThreadWindows
CreateAcceleratorTableW
LoadStringW
GetFocus
GetAsyncKeyState
GetMonitorInfoW
IsChild
MapWindowPoints
ValidateRect
MoveWindow
SetFocus
ShowWindow
InvalidateRgn
OpenClipboard
SetTimer
SetWindowRgn
GetClassNameW
SetParent
GetDlgItem
KillTimer
SetWindowTextW
DestroyAcceleratorTable
BeginPaint
EndPaint
EnableWindow
GetKeyState
ScreenToClient
TrackMouseEvent
SetCapture
ReleaseCapture
SetWindowPos
EqualRect
EnumChildWindows
RedrawWindow
CopyRect
ClientToScreen
IntersectRect
GetWindowDC
SetCursor
GetClientRect
IsZoomed
GetParent
InvalidateRect
GetDCEx
IsIconic
ReleaseDC
GetCursorPos
CreateWindowExW
RegisterClassExW
IsRectEmpty
LoadCursorW
GetClassInfoExW
CharPrevW
CharNextW
wsprintfW
GetMessageW
DispatchMessageW
PeekMessageW
TranslateMessage
PostThreadMessageW
SystemParametersInfoW
GetWindowThreadProcessId
GetWindow
GetWindowRect
MessageBoxW
IsWindow
GetForegroundWindow
FindWindowW
PtInRect
GetWindowTextW
PostMessageW
GetActiveWindow
LoadIconW
EndDialog
GetWindowLongW
DefWindowProcW
CallWindowProcW
DestroyWindow
SendMessageW
UnregisterClassW
SetWindowLongW
SetPropW
RemovePropW
GetPropW
OffsetRect
advapi32
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
StartServiceW
OpenServiceW
RegCloseKey
ole32
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CreateStreamOnHGlobal
CoTaskMemAlloc
OleUninitialize
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
OleLockRunning
CoGetClassObject
OleInitialize
shell32
SHGetSpecialFolderPathW
DragFinish
DragQueryFileW
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
oleaut32
SysAllocStringLen
SysStringLen
DispCallFunc
VarUI4FromStr
LoadTypeLi
VariantInit
LoadRegTypeLi
SysAllocString
VariantClear
OleCreateFontIndirect
SysFreeString
shlwapi
PathFindFileNameW
ord12
StrToIntA
PathAppendW
StrDupW
comctl32
InitCommonControlsEx
_TrackMouseEvent
gdi32
CreateFontIndirectW
CreateSolidBrush
DeleteObject
GetObjectW
SetTextColor
GetStockObject
GetRgnBox
SetViewportOrgEx
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
CreatePolygonRgn
CreateRectRgnIndirect
SetWorldTransform
SetGraphicsMode
SetBkColor
EnumFontsW
PtInRegion
CreateRoundRectRgn
CreateDIBSection
GetClipBox
GetDIBits
CreateDCW
ExtTextOutW
DeleteDC
msimg32
AlphaBlend
urlmon
CoInternetCreateZoneManager
CoInternetCreateSecurityManager
imm32
ImmNotifyIME
ImmAssociateContextEx
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
ImmGetCompositionStringW
gdiplus
GdipCreateSolidFill
GdipCloneBitmapArea
GdipGetCellDescent
GdipSetInterpolationMode
GdipSetLinePresetBlend
GdipCreateFont
GdipSetStringFormatLineAlign
GdipCreatePath
GdipEndContainer
GdipSetSmoothingMode
GdipCreateMatrix
GdipGetStringFormatAlign
GdipDeletePath
GdipDisposeImageAttributes
GdipCreateMatrix2
GdipDeleteBrush
GdipGetLineSpacing
GdipSetLineWrapMode
GdipCreateLineBrushI
GdipDrawImageRectRect
GdipSaveGraphics
GdipCreateFontFamilyFromName
GdipGetEmHeight
GdipGetStringFormatLineAlign
GdipAddPathString
GdipGetTextRenderingHint
GdipGetFamily
GdipSetCompositingQuality
GdipSetImageAttributesColorMatrix
GdipGetLineTransform
GdipDeleteFontFamily
GdipGetInterpolationMode
GdipCreateRegionPath
GdipAddPathLineI
GdipAddPathBezierI
GdipCombineRegionPath
GdipAddPathEllipseI
GdipAddPathArcI
GdipAddPathRectangleI
GdipCombineRegionRegion
GdipSetStringFormatTrimming
GdipSetLineTransform
GdipSetTextureTransform
GdipSetCompositingMode
GdipCreateHBITMAPFromBitmap
GdipTransformRegion
GdipFillPath
GdipGetPathWorldBounds
GdipFillRectangleI
ord1
GdipDeleteGraphics
GdipDeleteStringFormat
GdipDeleteFont
GdipGetFontSize
GdipTranslateWorldTransform
GdipDeletePen
GdipCreatePen1
GdipSetStringFormatAlign
GdipDrawImageRectRectI
GdipDeleteMatrix
GdipGetFamilyName
GdipCloneRegion
GdipSetStringFormatFlags
GdipGetImagePixelFormat
GdipCloneBitmapAreaI
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipCloneImage
GdipBitmapUnlockBits
GdipGetPropertyItem
GdipCreateBitmapFromStream
GdipAlloc
GdipDisposeImage
GdipFree
GdipImageSelectActiveFrame
GdipBitmapLockBits
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetImageWidth
GdipGetPropertyItemSize
GdiplusStartup
GdipMultiplyWorldTransform
GdipGraphicsClear
GdipSetPenDashStyle
GdipDrawLine
GdipDrawRectangle
GdipSetPixelOffsetMode
GdipScaleWorldTransform
GdipSetClipRectI
GdipClosePathFigure
GdipGetSmoothingMode
GdipDrawArcI
GdipCreateImageAttributes
GdipSetClipRegion
GdipDrawPath
GdipDrawString
GdipSetImageAttributesWrapMode
GdipGetClipBoundsI
GdipGetFontStyle
GdipCreateFromHDC
GdipFillEllipse
GdipBeginContainer2
GdipCreateTexture
GdipGetTextureTransform
GdipGetMatrixElements
GdipCloneStringFormat
GdipSetTextRenderingHint
GdipGetCellAscent
GdipStringFormatGetGenericTypographic
GdipRotateWorldTransform
GdipRestoreGraphics
GdipCloneBrush
GdipMeasureString
GdipDeleteRegion
GdipGetBrushType
GdipGetImageGraphicsContext
winmm
timeGetTime
psapi
GetMappedFileNameW
Exports
CheckInstall
GetCheckValue
GetInstDir
GetInstallResult
GetLockCheckState
GetLockSearchEngineCheckState
GetSoftMgrInstallState
Init
IsSupportedOS
OnRepair
OnSetup
OnSetupPost
OnUninstall
PopInt
PopString
PushInt
PushString
SetProgress
ShowInstallDlg
ShowUnInstallDlg
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 479KB - Virtual size: 479KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 31KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 465KB - Virtual size: 464KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 106KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ